This produces a txt file with html formatting to be included via SSI
What I would like to do is:
- Keep the script as simple as possible
- Improve security
- Keep the txt file this produces as small as possible
- Avoid whitespace as a username
- Gather Ideas that have not occurred to me as yet
I do know that using -T will do some security checking, but is there anything else I should add?
I have been given suggestions in the CB, but it's sometimes difficult for me to follow all of them, change and test code and get back to the CB to catch the rest of the comments.
The CGI script:
#!/usr/bin/perl -Tw
use strict;
use CGI;
use CGI::Carp 'fatalsToBrowser';
use Fcntl ':flock';
use POSIX qw(strftime);
my $now = strftime "%b %e", localtime;
my $q = new CGI;
my $user = length $q->param('user') ? $q->param('user') : "Anonymous";
$user = $q->escapeHTML($user);
my $message = $q->param('comment');
if ($message){ # Avoid posting blank messages
open FH, "+</var/www/html/comment.txt" or die "Oops: $!";
flock (FH,LOCK_EX) or die "Couldn't flock: $!";
my @comments = <FH>;
seek (FH ,0,0);
truncate (FH,0) or die "No can do: $!";
print FH "<br><b>On $now, $user added this bit o' wisdom:</b><br>$me
+ssage<br><hr>\n";
print FH @comments;
close FH;
}
print $q->redirect('http://server.com/index.shtml');
This produces a comment like
On Nov 17, Zecho added this bit o' wisdom:
Here's my comment, yes it's a little boring, but it's a comment.
|
Oh, and on a side note <coed> tags do not work. :)